App Privacy

“Trackting” app Privacy Policy pursuant to Articles 13 and 14 of the European General Data Protection Regulation

TRACKTING srl has created the "Trackting" app (the "App") as a commercial app and takes every necessary precaution to protect the privacy of Users and Operators of the digital anti-theft and geolocation service provided through the App.

This policy is provided to inform you, Users of the App and Operators of the Services provided by our Company ("You" or "Users"), about how your Personal Data (hereinafter collectively referred to as "Data") is processed, as well as the exercise of your rights, in accordance with the provisions of European Regulation 2016/679 on the general protection of personal Data ("GDPR") and Legislative Decree 196/2003 and subsequent amendments (the "Privacy Code" and, together with the GDPR, the "Applicable Privacy Legislation”).

Your Data is processed in order to provide the Service and make it usable and functional through the App, in compliance with the Applicable Privacy Legislation and in accordance with what is established in the App's license agreement. The information and Data collected will not be used for purposes unrelated to or exceeding what is described in this Policy.

  1. Data Controller

The Data Controller is TRACKTING srl (hereinafter also "We" or the "Company") with registered office in Via Borgognina, 5 – 61030 Cartoceto (PU) – Tax Code – VAT no. 02036680417.

  1. What Data we may process

Your Personal Data is processed in order to execute a contract, provide the Services requested by you and allow the correct and optimal functioning of the App.

The Personal Data we may process are:

  • your personal identification Data;
  • your contact Data (e-mail and phone number);
  • Data relating to the payment for the use of the Service;
  • Data relating to the device on which the App is installed;
  • Geolocation Data of the vehicle on which the Tracker is installed and of the device on which the App is installed;
  • any other data voluntarily provided by you.
  1. For what purposes we will use your Data and on what legal bases 

Depending on their different nature, we will process your Data in the manner, for the purposes and on the legal bases specified below.

  • A) Personal identification data, contact data, payment data and any other data voluntarily provided

To use our Service, you need to register an account through the App and provide a phone number: during registration, you will be asked to provide your first name, last name, and email address to create an account, and a phone number to make a call to report that the vehicle on which the Tracker is installed has been moved.

We will process this Data to create your account and to allow you to access the App and use our anti-theft and geolocation Service. We may also process this Data, and any other information voluntarily provided by you, to respond to requests for assistance or information that we receive through the App or other communication channels.

If payment is required for the provision of the Service, we will also process the Data necessary for payment management (e.g., Data relating to credit cards used for payments, billing Data, etc.).

In addition, we may process the Data for tax and legal compliance related to the execution of the contract.

Your personal identification and contact Data will therefore be processed on the basis of the following legal bases:

  • to perform contractual and pre-contractual obligations and to provide the Service covered by the contract (Art. 6, par. 1, letter b), of the GDPR) and
  • for the fulfillment of obligations provided for by laws or regulations (Art. 6, par. 1, letter c), of the GDPR).

In this context, the provision of Data is optional, but failure to communicate it may make it impossible to fulfill, in whole or in part, legal and contractual obligations.

  • B) Data relating to the device on which the App is installed

Upon installation of the App, the company will collect and process your device's Data to allow for the correct installation and functioning of the App itself, to provide the Service you requested, as well as to identify any technical or security problems and provide you with the necessary technical support in case of malfunction.

Furthermore, we may process such Data to ensure your and the Service's security and protection and to ensure that the use of the Service complies with the law and the contract governing it, as well as to prevent and manage fraud and other illegal activities carried out through the App.

Specifically, we will process the following Data: the device model, IP address, phone number, operating system version, browser information, system updates, screen resolution, any information related to network connection and battery level, language settings, information related to app, browser, and device interactions with our Services, reports on abnormal operations or interruptions, date and time information, and any other identifying device data necessary for the proper functioning of the Service.

We will process the Data related to your device on the basis of the following legal assumptions:

  • to perform contractual and pre-contractual obligations and to provide the Service covered by the contract (Art. 6, par. 1, letter b), of the GDPR).
  • for the pursuit of our legitimate interest in preventing and managing fraud and other illegal activities carried out through the App (Art. 6, par. 1, letter f), of the GDPR).
  • C) Geolocation data of the vehicle on which the Tracker is installed and of the device on which the App is installed

We process information on the location of the vehicle on which the Tracker is installed and of the device on which the App is installed in order to enable the functioning of the App and the provision of the Service requested by you. Specifically, the Tracker sends, via SIM, the GPS coordinates of the vehicle which are collected, encrypted and stored by us for the time necessary for the provision of the Service.

From the moment of collection, we process such Data using encryption systems (AES).

We will process geolocation Data exclusively based on your valid consent (Art. 6, par. 1, letter a), of the GDPR, and Art. 126 of the Privacy Code).

Your consent to the processing of geolocation Data is freely given. In this context, the lack of consent to the processing implies the impossibility of providing the digital anti-theft and geolocation service for the vehicle on which the Tracker is installed.

The User has the right to withdraw consent to the processing of geolocation Data at any time

  • by unpairing the Tracker through the App, regarding the location information of the vehicle on which the Tracker is installed;
  • by deactivating the specific geolocation function on your device, regarding the location information of the device on which the App is installed.

In case you withdraw your consent, it will be impossible for us to continue providing the anti-theft and geolocation Service, and therefore, the provision of the Service will be suspended.

  • D) Contact Data

We may use the email address you provide to us to send commercial communications strictly related to the Products and/or Services provided to you or otherwise related to similar products or services. In any case, if you do not wish to receive these communications, you can simply request that your Data not be used for this purpose by sending an email to privacy@trackting.com, or by clicking on the appropriate link to object to receiving unwanted communications, made available within the promotional emails sent by the Company.

For this purpose, we will process your Data based on our legitimate interest (Art. 6, par. 1, letter f), of the GDPR).

  1. How long we will process your Data

We will process the Data for the time required to achieve the purposes for which it was collected.

Specifically:

  1. Data collected for purposes related to the execution of the contract and the provision of the Service will be processed as long as the user's account remains active; Data related to payments made and, in general, accounting and tax Data will be stored for ten years;
  1. Geolocation Data will be stored, encrypted, for six months; if geolocation Data is necessary from time to time to assert or defend your rights or the Company's rights in court, it may be stored for the additional period strictly necessary for their pursuit.

At the end of the retention period, personal Data will be deleted. Therefore, after the indicated terms expire, the rights of access, erasure, rectification, and the right to Data portability can no longer be exercised.

For the purposes referred to in letter d) of paragraph 3, the Data will be stored until an objection to processing is received and, in any case, no later than two years after any account deactivation.

  1. Place of processing and transfer of Personal Data abroad.

Your Personal Data is processed within the European Union and will not be transferred outside the European Economic Area.

  1. To whom we may communicate your Data

Your Personal Data may be communicated to the following categories of recipients:

  1. external parties who process personal Data on our behalf and who are specifically appointed as data processors for this purpose (e.g., legal and accounting service providers, hosting providers, technical and IT service providers, external consultants, etc.);
  1. subjects, bodies, or authorities to whom it is mandatory to communicate your Personal Data by virtue of legal provisions or orders from authorities.
  1. Your rights

You can exercise the rights better identified below, including the right to request access to Data, rectification or erasure of the same, restriction of processing and to object to our use of it, as well as the right to request the delivery of some of these.

Right of access

The data subject has the right to obtain from the data controller confirmation as to whether or not personal Data concerning him or her is being processed, and, where that is the case, access to the personal Data and the following information:

  • a) the purposes of the processing;
  • b) the categories of personal Data concerned;
  • c) the recipients or categories of recipient to whom the personal Data have been or will be disclosed, in particular recipients in third countries or international organisations and, in such cases, the existence of adequate safeguards;
  • d) where possible, the envisaged period for which the personal Data will be stored, or, if not possible, the criteria used to determine that period;
  • e) the existence of the right to request from the controller rectification or erasure of personal Data or restriction of processing of personal Data concerning the data subject or to object to such processing;
  • f) the right to lodge a complaint with a supervisory authority;
  • g) where the Data are not collected from the data subject, any available information as to their source;
  • h) the existence of automated decision-making, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Right to erasure

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
  • c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • d) the personal data have been unlawfully processed;
  • e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

Rights to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • c) although the controller no longer needs the personal data for the purposes of the processing, they are required by the data subject for the establishment, exercise or defence of legal claims;
  • d) the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  • a) the processing is based on consent or on a contract; and
  • b) the processing is carried out by automated means.

In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

  1. How to contact us to exercise your rights?

You can exercise your rights by contacting us at the following addresses:

TRACKTING srl

Via Borgognina, 5 – 61030 Cartoceto (PU)

E-mail: privacy@trackting.com

Certified email: trackting@pec.it

  1. How to contact the competent Supervisory Authority to submit any complaints?

Any complaints may be submitted to the Garante per la Protezione dei Dati Personali (Personal Data Protection Authority) at the following contacts:

Garante per la Protezione dei Dati Personali

Piazza Venezia, 11 – 00187 Rome

Fax: (+39) 06.69677.3785

Tel: (+39) 06.696771

E-mail: garante@gpdp.it

Certified email: protocollo@pec.gpdp.it

  1. Any changes to this privacy policy

This privacy policy may be subject to changes and updates, in whole or in part, also due to changes in applicable legislation; should there be any changes to the way your data is processed, we will inform you of such changes.